Removal of ADFS in tech stack?

LDS Account is the primary user account (user name and password) for accessing online Church resources. This forum is a space to discuss all things related to LDS Account (registration, account recovery, user experience, vulnerabilities, etc.).
3boysdad
New Member
Posts: 2
Joined: Tue Sep 16, 2014 3:11 pm

Post by 3boysdad » Tue Sep 16, 2014 3:16 pm

I think I noticed that the church, for its web sites, stopped using ADFS (Active Directory Federated Service) back in July and moved over to another technology for performing SAML-based authentication and STS (secure token service) to provide authorization services (AA).

So a few questions - sadly, I likely won't make it to the conference to bend a few ears.

First - what did you change to? Appears to be either home grown or something produced by Adobe.
Second - what business problems were being solved by the move? What were the goals of the change?
Third - frankly I'm impressed by the changeover, zero issues on my end and now it seems that both mobile and web use the same STS - so what did you do to prep for this changeover?

russellhltn
Community Administrator
Posts: 20775
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Removal of ADFS in tech stack?

Post by russellhltn » Tue Sep 16, 2014 4:05 pm

Welcome! This forum is mostly user-to-user support with an occasional employee stopping by.

I doubt if most people get that deep, so I'm not sure as you'll get an answer.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

Re: Removal of ADFS in tech stack?

Post by 3boysdad » Tue Sep 16, 2014 4:15 pm

One can hope...I did have trepidation about posting such a topic. It felt off topic based upon other posts. But as I won't be making the conference I thought it might not hurt to ask...especially if there's an employee lurking about.

We effectively started using the same tech stack about two years after looking at what others (including LDS.org) did for their STS. There are some problems in our implementation of ADFS - however, most revolve around 3rd party relying parties (RPs) that don't necessarily care or will not apply a business rule in their delivered application based upon an assertion being sent over the wire. ADFS, like it should, prevents us interfering in the flows - so we can't prevent a redirect to the RP if, say, the customer hasn't paid their bill for the month.

